package com.shujia.mvc;

import java.sql.*;
import java.util.Scanner;


public class Login {

    private static final String URL = "jdbc:mysql://node1:3306/shujia";

    public static void main(String[] args) throws ClassNotFoundException, SQLException {

        /**
         *
         * 登录
         *
         * 1、用户输入用户名和密码
         * 2、判断用户名是否存在
         * 3、判断密码是否正确
         *
         *
         */

        Scanner scanner = new Scanner(System.in);


        System.out.println("请输入用户名：");
        String username = scanner.next();

        System.out.println("请输入用密码：");
        String password = scanner.next();

        //sql注入
        //String password = "' or '1'='1";


        //连接数据库判断用户名面膜是否正确
        Class.forName("com.mysql.jdbc.Driver");
        //获取连接
        Connection conn = DriverManager.getConnection(URL, "root", "123456");


        //执行查询
        String sql1 = "select * from user where username=?";
        PreparedStatement preparedStatement = conn.prepareStatement(sql1);
        System.out.println(sql1);
        //给？  赋值
        preparedStatement.setString(1, username);

        //执行查询
        ResultSet resultSet = preparedStatement.executeQuery();

        //判断用户名是否存在
        if (!resultSet.next()) {
            System.out.println("用户名不存在。。。。");
            return;
        }

        String sql2 = "select * from user where username=? and password=?";
        System.out.println(sql2);
        PreparedStatement preparedStatement1 = conn.prepareStatement(sql2);
        //1  代表第一个 ？
        preparedStatement1.setString(1, username);
        preparedStatement1.setString(2, password);

        ResultSet resultSet1 = preparedStatement1.executeQuery();
        if (!resultSet1.next()) {
            System.out.println("密码不正确。。。");
            return;
        }


        System.out.println("登录成功。。");

    }
}
